Sorry for the crossposting, but this touches several areas, and I'd like to hit all at once.
I'm running a Heimdal KDC, and all is well with that. I've managed to get PAM doing its thing, and a host of other little niggling problems. I'm now trying to add AFS into the mix, and things are less impressive. The Debian OpenAFS packages are heavily tainted towards MIT's Kerberos, which I'm not a great fan of (well, it's actually a mix of the US government's fascism and MIT's cold feet, but I can see where MIT is coming from) and I can't seem to get an AFS key, as follows:

I've set up most stuff (vlserver, etc) and have a root volume. I managed this through both the Debian scripts and the 'real' AFS documentation. Good things all round.

Now, when I try to get a ticket, using aklog (as supplied in Debian's openafs-krb5 package), I get:

    aklog: Couldn't get ieee.uow.edu.au AFS tickets:
    aklog: Cannot contact any KDC for requested realm while getting AFS tickets

I have keys in the DB corresponding to both [EMAIL PROTECTED] and afs/[EMAIL PROTECTED]. I can get service tickets for them on my TGT without blinking.

The reason I can't contact any KDC is because, according to a strace, nothing is happening on port 4444 of my Kerberos server. I am assured by several net sources that this is the krb524 port. Surprise, surprise, there isn't one in Debian's heimdal packages. There is one in MIT's kerberos packages, but having fought with Heimdal, I'm not about to try fighting MIT as well (add the rant about MIT's unwillingness to export >here<).

Hence my dilemma. Debian Heimdal doesn't come with anything approaching krb524. Is this a Heimdal problem, or a Debian problem? I'm willing to wager a Debian problem, since I looked at the source for Heimdal and it seems it's quite willing to build Kerberos 4 support, with the help of the KTH stuff and a few ./configure options.

So, the questions must be asked:

1) Can Heimdal (in any form) interact with Debian's OpenAFS packages?

2) Will Debian be packaging Heimdal in a form suitable for this?

3) Will I have to scrap Heimdal (damn damn damn) and go with MIT?

4) Is 3) an easy process, considering I have many keys in a Heimdal DB, and I know that a large number of users will be royally pissed off if they have to re-key *again*?

5) Should I, in fact, just give up on AFS altogether and keep bashing my (rather pulped) head against the wall that is NFS?

--
-----------------------------------------------------------------------
#include <disclaimer.h>
Matthew Palmer [EMAIL PROTECTED]